openstack team mailing list archive

Re: [OpenStack][Keystone][LDAP] Does LDAP driver support for validating subtree user?

 

On 05/22/2012 07:07 AM, Kuo Hugo wrote:
> Hi Folks,
>
> I have tried keystone backed by LDAP and Windows AD.
>
> It looks fine. Just want to clarify one point.
>
> In my test result, the LDAP driver could only validate users in the particular container (OU, CN, etc.) and does not include the subtree users.
>
> [ldap]
> tree_dn = dc=taiwan,dc=com
> user_tree_dn = ou=foo,dc=taiwan,dc=com
>
> For example:
>     User1: cn=jeremy,ou=foo,dc=taiwan,dc=com
>     User2: cn=jordan,ou=bar,ou=foo,dc=taiwan,dc=com
>
> User1 could be validated, and get the token generated by keystone.
> User2 could not be validated.
>
> Is there any way to validate both User1 and User2 in the current design?

No, there is not.  Queries are not done against subtrees.

If this is important to you,  please file a ticket:
https://bugs.launchpad.net/keystone/+filebug

> --
> +Hugo Kuo+
> tonytkdk@xxxxxxxxx
> +886 935004793
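
The difference between a one-level and a subtree search, applied to the two DNs from the question. This is an added example, not Keystone's code: it assumes the driver's user lookup behaves like an LDAP one-level search rooted at `user_tree_dn`, and the function names and the simplified case-insensitive DN comparison are illustrative.

```python
# Added illustration, not Keystone code. Assumption: the driver's user lookup
# behaves like an LDAP one-level search rooted at user_tree_dn.
USER_TREE_DN = "ou=foo,dc=taiwan,dc=com"
USERS = {  # the two DNs from the question
    "User1": "cn=jeremy,ou=foo,dc=taiwan,dc=com",
    "User2": "cn=jordan,ou=bar,ou=foo,dc=taiwan,dc=com",
}


def split_dn(dn):
    """Split a DN into (attr, value) RDNs, keeping backslash-escaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # escaped character stays inside the RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    # Simplification: compare attribute names and values case-insensitively.
    return [tuple(p.strip().lower() for p in r.partition("=")[::2]) for r in rdns]


def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is matched by a search at base_dn with scope."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False                # not under the base at all
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1           # direct children only
    if scope == "sub":
        return True                 # base entry and every descendant
    raise ValueError("unknown scope: %r" % scope)


def visible_users(scope):
    """Names of the sample users a search under USER_TREE_DN would return."""
    return sorted(n for n, dn in USERS.items() if in_scope(dn, USER_TREE_DN, scope))


if __name__ == "__main__":
    for scope in ("one", "sub"):
        print(scope, visible_users(scope))
```

With scope `one` only User1 is returned; User2 sits two levels below `user_tree_dn` and is matched only by scope `sub`.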


